• Does the May 27 security update for wp-includes/template-functions-category.php apply to a stock 1.5 install, or only a 1.5.1 install? I noticed the code is quite different between the 2 versions where the fix is applied, so just wanted to double check. Thanks.

Viewing 1 replies (of 1 total)
  • Thread Starter rmang

    (@rmang)

    1.5.1.1 has the code:

    function get_the_category_by_ID($cat_ID) {
        $cat_ID = (int) $cat_ID;
        $category = &get_category($cat_ID);
        return $category->cat_name;
    }

    1.5 has the code:

    function get_the_category_by_ID($cat_ID) {
        global $cache_categories, $wpdb;
        if ( !$cache_categories[$cat_ID] ) {
            $cat_name = $wpdb->get_var("SELECT cat_name FROM $wpdb->categories WHERE cat_ID = '$cat_ID'");
            $cache_categories[$cat_ID]->cat_name = $cat_name;
        } else {
            $cat_name = $cache_categories[$cat_ID]->cat_name;
        }
        return($cat_name);
    }

    Is putting the line “$cat_ID = (int) $cat_ID;” at the top of the function for 1.5 viable, or is this security issue only affecting 1.5.1?

    Rob
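
What the cast does to the query string built by the 1.5 function quoted above, shown as an added example that is not part of the thread or of WordPress itself. `RecordingDb`, the `wp_categories` table name and the sample inputs are constructed stand-ins, and the category cache is left out.

```php
<?php
// Stand-in for WordPress's $wpdb (hypothetical): records SQL, runs nothing.
class RecordingDb {
    public $categories = 'wp_categories'; // assumed table name
    public $log = array();
    public function get_var($sql) {
        $this->log[] = $sql;
        return null;
    }
}

// Query exactly as the 1.5 function builds it: $cat_ID goes in unchanged.
function lookup_uncast($wpdb, $cat_ID) {
    return $wpdb->get_var("SELECT cat_name FROM $wpdb->categories WHERE cat_ID = '$cat_ID'");
}

// Same query with the 1.5.1.1 cast placed at the top of the function.
function lookup_cast($wpdb, $cat_ID) {
    $cat_ID = (int) $cat_ID; // non-numeric input collapses to an integer (0 if no leading digits)
    return $wpdb->get_var("SELECT cat_name FROM $wpdb->categories WHERE cat_ID = '$cat_ID'");
}

// Constructed sample inputs, as they might arrive from a request parameter.
$samples = array('7', ' 7', '7abc', "7' OR '1'='1", 'abc', '-3');

foreach ($samples as $input) {
    $uncast = new RecordingDb();
    $cast   = new RecordingDb();
    lookup_uncast($uncast, $input);
    lookup_cast($cast, $input);

    // After the cast the quoted value can only be an optional sign plus digits.
    $literal_only = preg_match('/WHERE cat_ID = \'-?\d+\'$/', $cast->log[0]) === 1;

    printf("input   %s\n", var_export($input, true));
    printf("uncast  %s\n", $uncast->log[0]);
    printf("cast    %s  [integer literal only: %s]\n\n",
        $cast->log[0], $literal_only ? 'yes' : 'no');
}
```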

  • The topic ‘May 27 security update question’ is closed to new replies.